Connect with us

Hi, what are you looking for?


Incident Response

NASA Denies Recent Iranian Hacker Claims

Earlier this month, SecurityWeek reported that NASA was investigating claims made by a group of Iranian hackers that an SSL certificate issued to its Research and Education Support Services (NRESS) group was compromised, and used in a Man-in-the-Middle attack.

Earlier this month, SecurityWeek reported that NASA was investigating claims made by a group of Iranian hackers that an SSL certificate issued to its Research and Education Support Services (NRESS) group was compromised, and used in a Man-in-the-Middle attack.

As part of the claimed attack, an Iranian student group comprised of programmers and hackers known as the Cyber Warriors Team, claimed to have compromised the certificate by exploiting an existing vulnerability within the portal’s login system. Once they had control over the certificate, they claimed to have used it to “obtain User information for thousands of NASA researcher With Emails and Accounts of other users.”

After telling SecurityWeek on May 18th that the space agency was investigating the claims, NASA has now said that the hacker claims appear to be false.

“NASA discovered the message within hours of its initial post and immediately started an investigation,” a NASA spokesperson told SecurityWeek on Friday via email. “Although the investigation is ongoing, all results thus far indicate that the claims are false.”

NASA“False compromise claims about intrusions on NASA IT systems are common,” the spokesperson added. “For example, the same day the Iranian claim was posted, NASA investigated two additional claims of intrusions posted on the same web site. They also were found to be false.”

While these claims may or may not be true based on what has been found so far, the agency has fallen victim to several breaches in the past, and has admitted its security shortcomings.

In March, NASA Inspector General Paul K. Martin told the House’s Committee on Science, Space, and Technology’s Subcommittee on Investigations and Oversight, that the agency faces serious challenges when it comes to protecting its information and systems from cyber attacks. Martin said that NASA was the victim of 47 APT attacks, 13 of which compromised agency systems during FY 2011. In one incident, attackers captured user credentials for more than 150 NASA employees that could have been used to gain unauthorized access to NASA systems. “The attackers had full functional control over these networks,” he said.

In response to the latest claims coming from the group of Iranian hackers, NASA said it was still investigating the issue, and assessing its security posture in certain places.

Advertisement. Scroll to continue reading.

“To ensure that the subject systems are secure, NASA is re-validating its security profiles to ensure they are operating with minimal risk,” the NASA spokesperson said. “IT Security remains a critical function at NASA. At no point were any sensitive, mission, or classified systems compromised.”

While NASA is refuting the claims that the said SSL certificate was compromised, and that no sensitive or classified information appear to have been accessed by attackers, it doesn’t mean that possibly some other IT assets were compromised. “This is as much as our security people are able to say on this,” the spokesperson said. “That doesn’t mean anything else was accessed, but I won’t be able to confirm it either way.”

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Incident Response

Microsoft has rolled out a preview version of Security Copilot, a ChatGPT-powered tool to help organizations automate cybersecurity tasks.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Incident Response

Meta has developed a ten-phase cyber kill chain model that it believes will be more inclusive and more effective than the existing range of...